Below:

Next story in Tech and gadgets

A few years ago, security experts thought you'd be crazy to
access an online bank account from a mobile phone.

Mobile Web browsers hid URLs, making it easy for cybercriminals
to
impersonate banking sites. The Wireless Application Protocol
mobile-Web standard offered limited security. Even after the
introduction of smartphones, banks' stand-alone apps were often
poorly designed.

"We've seen a few examples where it became clear the mobile
finance apps didn't quite receive the same level of security
scrutiny as their traditional counterparts," Roel Schouwenberg, a
senior researcher at Kaspersky Lab, stated in a TechNewsDaily
article as recently as May 2012.

The tide has turned. Experts now say mobile devices may actually
be safer to use than computers for online banking, in part
because malicious software can be downloaded to a computer
without a user knowing it.

On a mobile device, secretly installing software is much harder
to do, as long as the device hasn't been "rooted" or "jailbroken"
to let the user run privileged commands and install unauthorized
software.

Why mobile applications are safer

As long as they're using encrypted Wi-Fi or a cellular data
connection, mobile customers usually don't need to worry about
malware hijacking their online-banking sessions. (Mobile
banking Trojans do exist, but so far they only assist their
desktop variants by stealing two-factor login authentication
codes.)

"No online banking is completely safe, period," said Clay
Calvert, director of cybersecurity for MetroStar Systems, an IT
consulting firm in Reston, Va. "However, unrooted tablets and
cellphones are much safer than using PCs for banking."

"The primary reason for this," Calvert said, "is that
applications are vetted [by Apple and Google] before they're sent
to the app store and made available for download.

"Apple and Google specifically look for
malicious behavior built into apps that are submitted by
developers," he said, "and will reject anything that presents
potential security risks."

"Within the last year," Hughes said, "Google has made changes to
improve the way it scans and reviews apps that are submitted and
distributed through its Google Play app store, and has enhanced
the criteria under which they will release apps from a security
configuration perspective."

"Recent changes in the Jelly Bean release [in 2012] included
clearer app permissions, a new app-verification service to
enhance security, encryption improvements and other
enhancements," Hughes added.

However, non-rooted Android devices can still be put in danger.
Users who seek free or discounted apps from sources other than
the official Google Play store run the risk of being infected by
corrupted apps, which are easy to create.

To avoid this, go into the Settings menu, select Security and
make sure "Unknown sources" is left unchecked.

There has also been an evolution in the breadth and depth of
mobile application security solutions, such as mobile application
integrity protection, said Kevin Morgan, chief technology officer
of application-security provider Arxan Technologies in Bethesda,
Md.

Still, there are many opportunities for a cybercriminal to
interrupt online-banking communications.

"The general threat to all mobile financial services is that
critical business and security information for the transaction
can be analyzed, tampered with, circumvented and even stolen,"
Morgan said.

"This can occur when you are running a tampered version of the
original vendor application," he added. "You may have picked up a
tampered version that was posing in an app store as a legitimate
version.

"When you plugged into a
public charger at the airport, your legitimate application
may have been replaced," Morgan explained. "Or your legitimate
application on your device may have been replaced or tampered
with internally on your mobile device by another rogue
application that you previously loaded and ran."

Best practices for mobile online banking

If you think your mobile device is secure enough for financial
transactions, your best bet is to follow these tips to make sure
your finances remain safe:

"By having the ability to set up new creditors from your online
account," he said, "you create the risk of a hacker using malware
to access your account, then adding payments to another financial
institution and emptying your account."

Text messages are not encrypted, so banks won't ask for personal
information via SMS. If you transmit sensitive financial
information on your mobile phone, be sure you are using a secure
browser or app.

— If you are considering a mobile finance app, look for one that
lets you remotely wipe the data from your cellphone if you lose
it.